Sasha Romanosky

Policy Researcher, RAND Corporation

Sasha Romanosky is a policy researcher at the RAND Corporation and former cyber policy advisor at the Pentagon in the Office of the Secretary of Defense for Policy (OSDP).

He researches topics in the economics of security and privacy, information policy, applied microeconomics, and law and economics. For example, he has examined whether state data breach disclosure laws have reduced consumer identity theft; when and how firms are more likely to be sued when they suffer a data breach, and when they’re more likely to settle. He has also studied the cost of data breaches in order to understand whether corporate losses are really as severe as is commonly believed. And most recently, he collected a dataset of cyber insurance policies to examine how insurance carriers measure and price cyber risk.

He was a Microsoft research fellow in the Information Law Institute at New York University, and was a security professional for over 10 years in the financial and e-commerce industries. He holds a CISSP certification, and is co-author of the Common Vulnerability Scoring System (CVSS), an open standard for scoring computer vulnerabilities. While in DoD, he oversaw two of the Department's most critical vulnerability programs, and advised on numerous other matters related to cyber security and cyber policy.

Romanosky holds a Ph.D. in public policy and management from Carnegie Mellon University, and a B.S. in electrical engineering from the University of Calgary, Canada.